General

  • Target

    tmp

  • Size

    327KB

  • Sample

    231012-fgs9maab35

  • MD5

    7ff646fbaa5bb955d1b0cfaffaf61cb2

  • SHA1

    91f6d86cc0cb5ef9860752d10315ce65a6b6fb3c

  • SHA256

    ecd04804617988e39d5f075e021f6403a33b688ef388f75b897e4c4f7e21e466

  • SHA512

    99a6eac16659c579f4a4176861148d3c2c56099eec95f3e1dd4d0ff18e7f87e8db792f3b5c03b16f9d62c5fd16e9f6e37ed79bb4a4bf63d3b286a1aeb5702eb9

  • SSDEEP

    6144:vYa6iwngrjoJm3rXSpywnBRwA6QfGO4LiC6aAV4Fii6RhUCpOMLILE6cv3ciy:vY0CgrcM7XSpfBRCQe9ujRRlTOEZ4

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

vinteligencia.com

displayfridges.fun

completetip.com

giallozafferrano.com

jizihao1.com

mysticheightstrail.com

fourseasonslb.com

kjnala.shop

mosiacwall.com

vandistreet.com

gracefullytouchedartistry.com

hbiwhwr.shop

mfmz.net

hrmbrillianz.com

funwarsztat.com

polewithcandy.com

ourrajasthan.com

wilhouettteamerica.com

johnnystintshop.com

asgnelwin.com
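Formbook's configuration ships the live C2 host mixed into a list of decoy domains, and the implant beacons to the decoys as well as the real server, so a single DNS lookup for one of the domains above is weak evidence on its own, while one host resolving several distinct decoys within a short window is a strong signal. The following is an added example, not part of the Triage report, showing one way to hunt with the extracted list: parse a DNS query log and flag clients that hit three or more distinct decoy domains inside a five-minute window. The log format, client addresses and timestamps are constructed for illustration; the domain list is the one extracted from this sample.

```python
"""Hunt for Formbook beaconing using the decoy list from the extracted config.

Added example (not part of the Triage report). The DNS log format, client
addresses and timestamps below are constructed; the decoy domains are the ones
listed in the sample's extracted configuration (campaign sy22).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Decoy domains from the extracted Formbook configuration.
DECOY_DOMAINS = {
    "vinteligencia.com", "displayfridges.fun", "completetip.com",
    "giallozafferrano.com", "jizihao1.com", "mysticheightstrail.com",
    "fourseasonslb.com", "kjnala.shop", "mosiacwall.com", "vandistreet.com",
    "gracefullytouchedartistry.com", "hbiwhwr.shop", "mfmz.net",
    "hrmbrillianz.com", "funwarsztat.com", "polewithcandy.com",
    "ourrajasthan.com", "wilhouettteamerica.com", "johnnystintshop.com",
    "asgnelwin.com",
}

# Constructed sample DNS log: "<ISO timestamp> <client ip> <query name>".
# 10.0.0.5 shows the Formbook pattern (several decoys within seconds);
# 10.0.0.9 and 10.0.0.7 are the false-positive cases a naive match would flag.
SAMPLE_DNS_LOG = """\
2023-10-12T09:00:01 10.0.0.5 www.google.com
2023-10-12T09:00:03 10.0.0.5 completetip.com
2023-10-12T09:00:04 10.0.0.5 mysticheightstrail.com
2023-10-12T09:00:06 10.0.0.5 kjnala.shop
2023-10-12T09:00:09 10.0.0.5 hbiwhwr.shop
2023-10-12T09:15:00 10.0.0.9 www.giallozafferrano.com
2023-10-12T10:30:00 10.0.0.7 mfmz.net
2023-10-12T11:45:00 10.0.0.7 funwarsztat.com
"""


def parse_dns_log(text):
    """Parse the constructed log format into (timestamp, client, qname) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        events.append((datetime.fromisoformat(ts), client, qname.lower().rstrip(".")))
    return events


def matches_decoy(qname):
    """True if qname is a decoy domain or a subdomain of one (e.g. a www. prefix)."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in DECOY_DOMAINS for i in range(len(labels) - 1))


def find_formbook_hosts(events, min_distinct=3, window=timedelta(minutes=5)):
    """Return {client: decoy domains} for clients that resolved at least
    min_distinct distinct decoy domains within a single sliding window.

    Isolated hits (one decoy, or two hours apart) are deliberately not flagged:
    the decoys are mostly legitimate sites and will appear in normal traffic.
    """
    by_client = defaultdict(list)
    for ts, client, qname in events:
        if matches_decoy(qname):
            by_client[client].append((ts, qname))

    hits = {}
    for client, decoy_events in by_client.items():
        decoy_events.sort()
        for i, (start, _) in enumerate(decoy_events):
            in_window = {q for t, q in decoy_events[i:] if t - start <= window}
            if len(in_window) >= min_distinct:
                hits[client] = in_window
                break
    return hits


if __name__ == "__main__":
    for client, domains in find_formbook_hosts(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{client}: {len(domains)} decoy domains in window -> {sorted(domains)}")
```

The thresholds are tuning knobs, not Formbook constants: lower `min_distinct` when the DNS log is already filtered to a suspect host, raise it or shorten `window` when hunting across a large estate. Apply the same logic to proxy or HTTP logs if DNS is cached locally and lookups are not visible.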

Targets

    • Target

      tmp

    • Size

      327KB

    • MD5

      7ff646fbaa5bb955d1b0cfaffaf61cb2

    • SHA1

      91f6d86cc0cb5ef9860752d10315ce65a6b6fb3c

    • SHA256

      ecd04804617988e39d5f075e021f6403a33b688ef388f75b897e4c4f7e21e466

    • SHA512

      99a6eac16659c579f4a4176861148d3c2c56099eec95f3e1dd4d0ff18e7f87e8db792f3b5c03b16f9d62c5fd16e9f6e37ed79bb4a4bf63d3b286a1aeb5702eb9

    • SSDEEP

      6144:vYa6iwngrjoJm3rXSpywnBRwA6QfGO4LiC6aAV4Fii6RhUCpOMLILE6cv3ciy:vY0CgrcM7XSpfBRCQe9ujRRlTOEZ4

    • Formbook

      Formbook is an information stealer (form grabber) that harvests credentials and submitted form data from web browsers and other applications, logs keystrokes and captures screenshots, and exfiltrates the collected data to its command-and-control server.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
